Field | Value
---|---
URL | http://urchintelemetry.com
Full analysis | https://app.any.run/tasks/32fae006-d358-405c-9b1c-190d749c9b75
Verdict | Malicious activity
Analysis date | February 21, 2020, 16:09:44
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MD5 | CA079281EA3FB625E3535964A56EFB54
SHA1 | D3A9803EE2EE6434F2550947C9CBEC241D162764
SHA256 | 8BC39705E066D4FB66AF15ECA6E9B9ADA143B6BDBCCD3021B877736C6C24A321
SSDEEP | 3:N1KLXaOIuF:CunuF
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Version
---|---|---|---|---|---|---|---|---|---
1520 | "C:\Program Files\Internet Explorer\iexplore.exe" http://urchintelemetry.com | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
3180 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1520 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 11.00.9600.16428 (winblue_gdr.131013-1700)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1520 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\8QU1CQCK.htm | html | BF7580D255634BC899C8BE538237D50E | 22F357BDB6DECD369D9EC7B85E8E54292E23A4DCDDAAEFFE5CE463D800A72C03
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\min[1].js | text | 5563332AD6AF63C9C94CEF15761BE544 | 4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\libg[1].png | image | B06CC0EE3C9BE723861A2FE8F3B594E6 | 3D876C43F21D31D03EEF6D5B51E9CF7D28F6B0F017239300980AF88522A173A0
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\logo[1].png | image | 9C98595145E8A8F5A7B6D4F88DCEEA6A | B690A0CC0AD3A4899A5E6C52E4A5C7CA6C2F334F946C72B2AAFECB316D83B932
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\arrow[1].png | image | 9B3B30BF536E8E02958B60FE30988CD3 | 368C4A249C5EEB012917122F5314AF8F89E7A7CC583D8BEF33950F60CF0214D0
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\ubuntu-b[1].eot | eot | 7993208D5E2A6F3D6F461B69B292A47E | F61D164B9E4C3DBDBE6F34B7D9FCA55A3B9DAE1929AA65E59408673410662FD3
1520 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\ubuntu-r[1].eot | eot | DBA7374F1813F5D55190C2851181409F | 645A384C895A5E3F9ABDFE2C8FE1BDAB2CFBAE6E69BA711F58DD3F237F2839FE
3180 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\px[2].js | text | F84F931C0DD37448E03F0DABF4E4CA9F | 5C1D5FD46A88611C31ECBB8FFC1142A7E74EC7FB7D72BD3891131C880EF3F584
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
3180 | iexplore.exe | GET | 200 | 204.11.56.48:80 | http://urchintelemetry.com/ | VG | html | 6.70 Kb | malicious |
3180 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i1.cdn-image.com/__media__/js/min.js?v2.2 | unknown | text | 2.97 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot? | unknown | eot | 33.8 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 204.11.56.48:80 | http://urchintelemetry.com/px.js?ch=2 | VG | text | 346 b | malicious |
3180 | iexplore.exe | GET | 200 | 204.11.56.48:80 | http://urchintelemetry.com/sk-logabpstatus.php?a=Z0FIYUl1M1VVUktyeVdCK0RnSHhVSU5ySUxoMG5jTHdkc3RJdW1wd1huY1V2TG9YMUVQdDBuWVg5Y2lsRUlTL0p1d2IrQWtrOVQ0eHRjOUMrSEx5Nkhub0dMN0VZdWJybUhwQ1E5QTdpUHc9&b=false | VG | text | 346 b | malicious |
3180 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot? | unknown | eot | 110 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i3.cdn-image.com/__media__/pics/12471/bodybg.png | unknown | image | 94.9 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i4.cdn-image.com/__media__/pics/12471/libg.png | unknown | image | 1.07 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 2.16.186.106:80 | http://i3.cdn-image.com/__media__/pics/12471/search-icon.png | unknown | image | 1.16 Kb | whitelisted |
3180 | iexplore.exe | GET | 200 | 204.11.56.48:80 | http://urchintelemetry.com/px.js?ch=1 | VG | text | 346 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
1520 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 204.11.56.48:80 | urchintelemetry.com | Confluence Networks Inc | VG | malicious |
3180 | iexplore.exe | 204.11.56.48:80 | urchintelemetry.com | Confluence Networks Inc | VG | malicious |
3180 | iexplore.exe | 2.16.186.106:80 | i1.cdn-image.com | Akamai International B.V. | — | whitelisted |
3180 | iexplore.exe | 2.16.186.64:80 | i1.cdn-image.com | Akamai International B.V. | — | whitelisted |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation
---|---|---
urchintelemetry.com | — | malicious
i1.cdn-image.com | — | whitelisted
i4.cdn-image.com | — | whitelisted
i3.cdn-image.com | — | whitelisted
i2.cdn-image.com | — | whitelisted
api.bing.com | — | whitelisted
www.bing.com | — | whitelisted
iecvlist.microsoft.com | — | whitelisted
r20swj13mr.microsoft.com | — | whitelisted